7+ Ways To Prevent Fraud and Preserve Relationships

Fraudsters use more than one weapon to attack—and likewise you need an arsenal to defend against them and enhance customer experience.

In our previous blog, “7 Trends Hitting Retail Fraud Now,” we noted that the biggest blow to merchants due to fraud often comes from wrongly declined good customers. In 2014, U.S. card issuers falsely rejected USD $118 billion in transactions, card present and not, due to fraud suspicion. That dwarfed the USD $9 billion in actual fraud.[1] And the trend continues—by 2016, false declines reached USD $264 billion.[2]

From your customers’ standpoint, when you falsely reject their card, you reject them. And they take it to heart: After a decline, 26 percent of burned customers curtail shopping with a merchant and 32 percent stop entirely.[3] Given potential customer lifetime value runs USD $3,600 to $48,000[4], merchants take a significant financial hit from false declines.

So how do you limit losses from fraud and damage to customer relationships, while controlling operating expenses? Fraudsters use more than one weapon to attack—and likewise you need an arsenal to defend against them and enhance customer experience.

#1 Take a multi-layered approach. Given the prevalence of data breaches, you can’t rely on PII to authenticate customers. So you should add layers for security—you need cumulative information from several sources to assess fraud.

When customers visit your web site, for instance, use device ID to collect information about their operating systems, configuration, and browsers. With that data, you’ll be better able to identify them as repeat visitors or new customers.

Include other layers from your fraud platform, such as geolocation strategies. You might look at IP addresses, then compare them to language and shipping and billing addresses to determine if they’re logical.

The layers you use depend on your business—for example, velocity on shipping address won’t be relevant for in-store pickup. It’s your toolbox, so customize layers specifically to your customers and channels for a targeted approach.

#2 Understand device/behavioral data. To detect current customers as well as fraudsters, you must understand the device used for a transaction. A jailbroken phone, a cross-border IP address, a laptop acting like it’s controlled by a script can all be signals used to assess risk.

For example, clickstream behavior may clue you in to a buyer who’s navigating a site in a suspicious way. He may be cutting and pasting information or struggling to input a name taken from a spreadsheet. With simple-to-install code and after consulting your data privacy attorney, you can collect information from a browser or native app alerts you to fraudulent usage.

#3 Tap consortium data. By sharing data with a community of merchants, you aren’t fighting fraud alone—you’ll have more data and feel more confident about your decisions.

To you, a first-time customer is simply a collection of data points: credit card number, email, IP address. But if other merchants provide data about her transactions, you’ll be better equipped to assess whether she’s a legitimate customer or a fraudster. That’s the power of subscribing to a community with large global merchants that run millions of transactions annually.

#4 Adjust your fraud rules and approach to reflect risk. All channels and products aren’t equal when it comes to fraud risk. That’s why you need a platform flexible enough to let you adjust rules on the fly, with a support team’s help only when necessary.

Your rules may include IP address velocity, for instance. But an IP address from a telco like Verizon is less user-specific than one from Comcast. If you see the same IP address repeatedly and suspect an emerging attack, you might adjust velocity—but maybe not for mobile. You want to be able to apply rules unique to channels and product lines when you respond to threats.

#5 Verify data with external providers. When you have orders you’re uncertain about, you can look for specific expertise to validate questionable data and ensure it correlates. So be sure your fraud prevention platform integrates with third-party providers.

For example, Emailage provides tenure information, so you know whether an email is brand new or years old. Accertify works with more than 20 pre-integrated partners, such as Emailage, Whitepages, and LexisNexis, which gives you the flexibility to choose the type of verification. To control costs, use your rules engine to send only transactions above a predefined risk threshold.

Is a traveler who buys a last-minute, first-class ticket to London every Monday morning a fraudster—or just an over-committed and under-organized business person? If you build customer records, you can differentiate behavioral anomalies and use those to help identify fraudulent transactions.

Machine learning can reduce how often you need to update rules strategies and scores. And it may uncover fraud patterns easy for humans to overlook. Still it’s not the one and only answer to fraud.

A balance of rules and machine learning models developed under risk domain oversight gives you the best of both worlds—a nuanced approach to stop emerging fraud schemes, enforce brand policies, and recognize and protect your best customers.